mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00

error.php, header.php, footer.php - Add custom exception handling, header, footer; index.php, upload-file.php, upload-2-usb.php - Require exactly 1 USB stick to be inserted, allow same file name but different content (using incremental numbering), reject duplicate content, restrict file types

avni 2025-01-12 12:04:47 +01:00
parent 956257f6cb
commit 30f940a5f4
6 changed files with 142 additions and 78 deletions


@ -0,0 +1,16 @@
<?php
/*
* error.php
* Upload2USB App error
*/
?>
AN ERROR occurred! Please make sure <span style="color:red; font-weight:bold"> one and ONLY one </span>(no more, no less) removable USB stick is plugged into your Internet-in-a-Box. <!-- Also make sure the <span style="color:red; font-weight:bold;">usb_lib_umask0000_for_kolibri</span> parameter in your IIAB configuration file is set to True. --> Reach out to TK for help if you have any questions or continue having trouble with the setup.
<br/><br/>
Share the below error message with IIAB developers at TK for debugging:
<pre><?php if (isset($exception)) {echo (string)$exception;} ?></pre>
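Review bot: The `<pre>` block at the end of error.php echoes `(string)$exception` straight into the page, which shows every visitor the full stack trace with server file paths and is not HTML-escaped. The handler registered in upload2usb.php already writes the full exception to the error log, so the page only needs the message: `<pre><?php if (isset($exception)) { echo htmlspecialchars($exception->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); } ?></pre>`. The `<br/><br/>` suffixes on the RuntimeException messages thrown in this commit would then print as literal text and should be dropped from those messages. The two "TK" contact placeholders in the static text also still need to be filled in.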


@ -0,0 +1,14 @@
<?php
/*
* footer.php
* Upload2USB App Footer for all User Facing Pages
*/
?>
</div>
</div>
</div>
</body>
</html>


@ -0,0 +1,32 @@
<?php
/*
* header.php
* Upload2USB App Header for all User Facing Pages
*/
include("upload2usb.php");
?>
<!DOCTYPE html>
<html>
<head>
<title><?php echo $title ?></title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="/common/css/bootstrap4.min.css"/>
<link rel="stylesheet" href="/common/css/fa.all.min.css"/>
<link rel="stylesheet" href="/common/css/font-faces.css"/>
<script src="/common/js/jquery.min.js"></script>
<script src="/common/js/bootstrap4.min.js"></script>
</head>
<body class="text-center" style="background-color:#f5f5f5;">
<div id="container" class="container">
<div class="row">
<div class="col-sm-6 offset-sm-3 text-center" style="padding:15px;">
<img class="mb-4" src="uk-swing.png" alt="" width="75">
<h1 class="h3 mb-3 font-weight-normal"><?php echo $title ?></h1>
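Review bot: header.php loads the helpers with a plain `include("upload2usb.php");`, and index.php and upload-file.php appear to include the same file themselves just before including header.php, so the helper functions would be declared twice and PHP would stop with a fatal "Cannot redeclare" error. `require_once "upload2usb.php";` here (and in the pages) loads the file exactly once and fails loudly if it is missing. `$title` is echoed unescaped into `<title>` and `<h1>`; it is a string literal in both callers shown, but `<?php echo htmlspecialchars($title, ENT_QUOTES, 'UTF-8') ?>` keeps that safe if a page ever builds the title from request data.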


@ -4,47 +4,21 @@
* Upload2USB App Index Page
*/
include("upload2usb.php");
$title = "IIAB Upload to USB";
include("header.php");
//Check if folder for today exists, and get file count if it does
$file_count = getFileCount(getTargetFolderPath(0));
?>
<!DOCTYPE html>
<html>
<head>
<title>IIAB Upload to USB App</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="/common/css/bootstrap4.min.css"/>
<link rel="stylesheet" href="/common/css/fa.all.min.css"/>
<link rel="stylesheet" href="/common/css/font-faces.css"/>
<script src="/common/js/jquery.min.js"></script>
<script src="/common/js/bootstrap4.min.js"></script>
</head>
<body class="text-center" style="background-color:#f5f5f5;">
<div id="container" class="container">
<div class="row">
<div class="col-sm-6 offset-sm-3 text-center" style="padding:15px;">
<form action="upload-file.php" id="upload2usb_form" method="post" enctype="multipart/form-data">
<img class="mb-4" src="uk-swing.png" alt="" width="75">
<h1 class="h3 mb-3 font-weight-normal">Internet in a Box Upload to USB</h1>
<label for="upload2usb" style="font-weight:bold;padding-bottom:10px;">Upload your file here!</label><br/>
<input type="file" name="uploaded_file" id="uploaded_file"><br/><br/>
<button class="btn btn-dark" name="submit" type="submit" style="width:150px;">Submit</button>
</form>
<br/>
<?php echo $file_count ?> files have been uploaded today!
<?php echo $file_count ?> files have been uploaded today!
</div>
</div>
</div>
</body>
</html>
<?php include ("footer.php"); ?>


@ -4,20 +4,29 @@
* Upload2USB App - Process Submission
*/
include("upload2usb.php");
$title = "IIAB Upload to USB App Results";
include("header.php");
//get folder path where file will be stored
$target_folder_path = getTargetFolderPath(1);
$target_file = $target_folder_path . "/" . basename($_FILES["uploaded_file"]["name"]);
$uploaded_filename = basename($_FILES["uploaded_file"]["name"]);
$target_file = $target_folder_path . "/" . $uploaded_filename;
$upload_ok = 1;
$upload_msg = "";
if(!isset($_POST["submit"]) || empty(basename($_FILES["uploaded_file"]["name"]))) {
$upload_msg = "No file submitted.";
if(!isset($_POST["submit"]) || !is_uploaded_file($_FILES['uploaded_file']['tmp_name'])) {
$upload_msg = "No file submitted!";
$upload_ok = 0;
} elseif (!isFileMimeTypeAcceptable($_FILES["uploaded_file"]["tmp_name"])) {
$upload_msg = "You can not upload zips, executables, xml, and other high-risk files!";
$upload_ok = 0;
} elseif (!isFileContentUnique($target_folder_path, $_FILES["uploaded_file"]["tmp_name"])) {
$upload_msg = "This file already exists!";
$upload_ok = 0;
} elseif (file_exists($target_file)) {
$upload_msg = "This file already exists.";
$upload_ok = 0;
// rename file so name is unique
$new_filename = getUniqueFileName($target_folder_path, $uploaded_filename);
$target_file = $target_folder_path . "/" . $new_filename;
}
// Check if $upload_ok is set to 0 by an error
@ -27,44 +36,19 @@ if ($upload_ok == 0) {
// if everything is ok, try to upload file
} else {
if (move_uploaded_file($_FILES["uploaded_file"]["tmp_name"], $target_file)) {
$upload_msg = "&#x1F60A; &#x2705; Your file <span style=\"font-weight:bold; font-style:italic;\">". htmlspecialchars( basename( $_FILES["uploaded_file"]["name"])). "</span> was successfully uploaded!";
$upload_msg = "&#x1F60A; &#x2705; Your file <span style=\"font-weight:bold; font-style:italic;\">". htmlspecialchars( $uploaded_filename ). "</span> was successfully uploaded!";
} else {
$upload_msg = "&#x274C; There was an error uploading your file. " . $upload_msg;
$upload_msg = "&#x274C; There was an error uploading your file. " . $_FILES["upload_file"]["error"] . $upload_msg;
}
}
$file_count = getFileCount($target_folder_path)
$file_count = getFileCount($target_folder_path);
?>
<!DOCTYPE html>
<html>
<head>
<title>IIAB Upload to USB App</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="/common/css/bootstrap4.min.css"/>
<link rel="stylesheet" href="/common/css/fa.all.min.css"/>
<link rel="stylesheet" href="/common/css/font-faces.css"/>
<script src="/common/js/jquery.min.js"></script>
<script src="/common/js/bootstrap4.min.js"></script>
</head>
<body class="text-center" style="background-color:#f5f5f5;">
<div id="container" class="container">
<div class="row">
<div class="col-sm-6 offset-sm-3 text-center" style="padding:15px;">
<img class="mb-4" src="uk-swing.png" alt="" width="75">
<h1 class="h3 mb-3 font-weight-normal">Internet in a Box Upload to USB</h1>
<?php echo $upload_msg ?> <br/>
<?php echo $file_count ?> files have been submitted today!
</div>
</div>
</div>
</body>
</html>
<?php include ("footer.php"); ?>
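Review bot: The failure branch in the second hunk appends `$_FILES["upload_file"]["error"]`, but the form field is named `uploaded_file`, so this reads an undefined key and the upload error code is never shown; it should be `$_FILES["uploaded_file"]["error"]`. In the first hunk, `getTargetFolderPath(1)` and `basename($_FILES["uploaded_file"]["name"])` run before the `is_uploaded_file()` check, so a request without a file raises undefined-index warnings and still creates the day's folder; moving both below the validation chain avoids that. The stored name is still the client-supplied name, extension included, so `isFileMimeTypeAcceptable` is the only control over which file types reach the stick.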


@ -4,6 +4,12 @@
* Upload2USB App Helper Functions
*/
set_exception_handler(function (Throwable $exception) {
error_log('UPLOAD2USB ERROR: ' . (string)$exception);
include ("error.php");
});
//return the first removable USB drive location
function getTargetUSBDriveLocation () {
@ -11,26 +17,32 @@ function getTargetUSBDriveLocation () {
// lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" |grep -oP '[^/]MOUNTPOINT="\K[^"]*' -m 1
// lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2
$removable_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2')));
# error if 1<>usb sticks are installed
$rmv_usb_path_count = shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | wc -l');
if ($rmv_usb_path_count == 0) {
throw new RuntimeException('0 USB sticks found <br/><br/>');
} elseif ($rmv_usb_path_count > 1) {
throw new RuntimeException('More than 1 USB sticks installed <br/><br/>');
}
if (empty($removable_usb_path)) {
return "/library/www/html/local_content/";
$rmv_usb_path = trim(str_replace('"', '', shell_exec('lsblk --output NAME,TRAN,RM,MOUNTPOINT --pairs |grep RM=\"1\" | grep -v MOUNTPOINT=\"\" | cut -d " " -f 4 | cut -d "=" -f 2')));
if (empty($rmv_usb_path)) {
throw new RuntimeException('Not able to find USB stick <br/><br/>');
} else {
// error_log ("REMOVABLE USB PATH: " . $removable_usb_path);
return $removable_usb_path . "/";
return $rmv_usb_path . "/";
}
}
//returns folder path where file will be stored, if create_folder_p = 1, it will create the folder if it doesn't exist
function getTargetFolderPath ($create_folder_p) {
$parent_dir = getTargetUSBDriveLocation();
// error_log("PARENTDIR: " . $parent_dir);
$today_folder_name = "UPLOADS." . date("Y-m-d");
$target_folder_path = $parent_dir . $today_folder_name;
if (!file_exists($target_folder_path) && $create_folder_p) {
mkdir($target_folder_path, 0777);
mkdir($target_folder_path, 0777);
}
return $target_folder_path;
}
@ -40,15 +52,45 @@ function getFileCount ($folder_path) {
return count(glob($folder_path . "/*"));
}
//*** TODO *** check file content to see if it's unique or not
function isFileContentUnique ($file) {
//check if file mimetype is acceptable for upload
function isFileMimeTypeAcceptable ($file) {
$mimetype = strtolower(mime_content_type($file));
$invalid_mimetypes_str = array ("compress", "octet", "xml", "zip");
foreach ($invalid_mimetypes_str as $invalid_mt_str) {
if (str_contains($mimetype, $invalid_mt_str)) {
return false;
}
}
return true;
}
//check file content to see if it's unique or not
function isFileContentUnique ($target_folder_path, $file) {
$file_to_upload_md5 = md5_file($file);
$usb_dir = array_diff(scandir($target_folder_path), array('..', '.'));
foreach ($usb_dir as $dir_file) {
$dir_file = $target_folder_path . "/" . $dir_file;
//*** TODO **** check if file exists based on file name and return unique name if does
function getUniqueFileName ($filename) {
if (!is_dir($dir_file)) {
$dir_file_md5 = md5_file($dir_file);
if ($file_to_upload_md5 == $dir_file_md5) {
return false;
}
}
}
return true;
}
//return unique filename
function getUniqueFileName ($target_folder_path, $filename) {
$new_filename = $filename;
$counter = 1;
while (file_exists($target_folder_path . "/" . $new_filename)) {
$counter++;
$new_filename = pathinfo($filename,8) . '-'. $counter . "." . pathinfo($filename,4);
}
return $new_filename;
}
// Check file size - we are not going to check file size for now.
// elseif ($_FILES["uploaded_file"]["size"] > 5000000) {
@ -56,4 +98,6 @@ function getUniqueFileName ($filename) {
// $upload_ok = 0;
// }
?>
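Review bot: `isFileMimeTypeAcceptable` is a denylist of four substrings and it fails open: `mime_content_type()` returns false when detection fails, `strtolower(false)` yields an empty string, and the loop then returns true. Script and markup types that contain none of the four substrings (for example `text/x-php` or `text/html`) are accepted too, and the file keeps its client-supplied extension. An allowlist is safer: return false when `$mimetype === false`, then `return in_array($mimetype, $allowed_mimetypes, true);` with the list holding only the document, image and media types the app is meant to collect, ideally paired with an extension allowlist. In `isFileContentUnique` the digests are compared with `==`, which PHP evaluates numerically when both strings look like numbers (`0e…` hashes), so `===` or `hash_equals()` should be used.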